A file system vulnerability has been discovered in Magento that enables an attacker to execute arbitrary code on your Magento server. It involves creating a file with a .csv extension, creating writable directories, and changing the permissions of existing files to world-writable (777). The issue affects all shipping versions of Magento Community Edition (CE) and Enterprise Edition (EE). The affected operating system versions are:
- CentOS 5.x and 6.x.
- Red Hat Enterprise Linux 5.x and 6.x.
<?php phpinfo(); ?>

Display that page in a web browser (for example, http://www.example.com/path/test.php.csv). If your browser saves the file or prompts you to save the file instead of displaying it, your server is not vulnerable.
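An added example, not part of the original advisory: a shell audit of a web root for the file conditions named above (world-writable entries, names like test.php.csv, and .csv files that contain PHP). The function names and the sample tree are constructed for illustration, and the web root path you pass in is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory); function names are hypothetical.

# World-writable files and directories (includes mode 777).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Files named like test.php.csv: ".php" followed by another extension.
find_php_double_ext() {
    find "$1" -type f -name '*.php.*' -print | sort
}

# .csv files whose content contains a PHP open tag.
find_csv_with_php() {
    find "$1" -type f -name '*.csv' -exec grep -qF '<?php' {} \; -print | sort
}

# Print a report; return 1 if anything was found, 0 if the tree is clean.
audit_webroot() {
    rc=0
    for check in find_world_writable find_php_double_ext find_csv_with_php; do
        hits=$("$check" "$1")
        if [ -n "$hits" ]; then
            printf '[%s]\n%s\n' "$check" "$hits"
            rc=1
        fi
    done
    return "$rc"
}

# Build a constructed sample tree so the audit can be tried offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/media" "$d/var"
    printf 'sku,qty\nA1,3\n' > "$d/var/export.csv"            # benign CSV
    printf '<?php phpinfo(); ?>\n' > "$d/media/test.php.csv"  # the page's test file
    chmod 644 "$d/var/export.csv" "$d/media/test.php.csv"
    chmod 755 "$d/var"
    chmod 777 "$d/media"                                      # world-writable dir
    printf '%s\n' "$d"
}

# With an argument, audit that path; with none, audit the sample tree.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
else
    sample=$(make_sample_tree) && { audit_webroot "$sample" || true; rm -rf "$sample"; }
fi
```

Run it with the web root as the only argument; a non-zero exit status means at least one check reported a path to review.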